[EMAIL PROTECTED] wrote:
>
> On 4 Feb, Fuzzy Fox wrote:
>
> > 118.136.195.151
> > +-----+ internet +----+
> > | ISP |-------------------| GW |--> to other 44.x.x.x hosts
> > +-----+ +----+
> > |
> > | ppp0 (205.1.1.20) 44.80.42.1
> > +------------+ (192.168.1.2) +--------+
> > | Linux Masq |--------------------------| JNOS |---> local net
> > +------------+ slip0 (192.168.1.1) +--------+ 44.80.42.0/24
> >
> > I like pictures. They describe things so succinctly. :)
[big snip]
> Here is my bare bones ipfwadm test setup that I have in rc.local.
> In simplest terms, I want anything FROM JNOS passed to GW to appear to
> use the Linux dynamic IP address
Why on earth do you want that?
Shouldn't you bypass masquerading here and let gateway see packets from
44.80.42.*? Tell the masq box not to masquerade those, just send them on
to the ISP.
You would then need routes saying:
GW: route to 44.80.42.0 via 205.1.1.20
Masq box: """"""""""""""""""""""" 192.168.1.2
Two catches. One is that the first routing thing above needs to be in
the DNS of whoever owns the 44.80.* domain; you can't do this yourself. The
other is that this handles packets from 44.80.42.* correctly but not any
packets that JNOS creates with a 192.168.1.2 in the source IP header
field. I don't even know if a solution is possible for them, let alone
what it might be.
--
"The real aim of current [cryptography] policy is to ensure the
continued effectiveness of US information warfare assets against
individuals, businesses and governments in Europe and elsewhere"
Ross Anderson, Cambridge University
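
The split proposed in the reply above, modelled as a first-match rule table; this is an added example, not part of the original message and not ipfwadm syntax. It shows 44.80.42.0/24 sources passing unchanged and the second catch appearing as a private source address leaving ppp0. The masquerade rule for 192.168.1.0/24, the function names and the sample host 44.80.42.17 are assumptions.

```python
import ipaddress

PPP0_ADDR = "205.1.1.20"  # masq box's ISP-side address in the thread's diagram

# Policy A: masquerading simply bypassed, everything forwarded as-is.
BYPASS_ONLY = [("44.80.42.0/24", "forward")]
# Policy B (assumed): routable 44.80.42.* sources pass unchanged,
# private SLIP-link sources are still masqueraded behind ppp0.
SPLIT = [("44.80.42.0/24", "forward"), ("192.168.1.0/24", "masquerade")]

# Constructed sample sources: JNOS's 44-net address, a local-net host,
# and JNOS's SLIP-link address.
SOURCES = ["44.80.42.1", "44.80.42.17", "192.168.1.2"]


def egress(src, policy, default="deny"):
    """Return (action, source address seen upstream) for a packet leaving ppp0."""
    addr = ipaddress.ip_address(src)
    for net, action in policy:          # first matching rule wins
        if addr in ipaddress.ip_network(net):
            break
    else:
        action = default                # no rule matched
    if action == "masquerade":
        return action, PPP0_ADDR        # source rewritten to the masq box
    if action == "forward":
        return action, src              # source left untouched
    return "deny", None


def unroutable_replies(sources, policy, default="deny"):
    """Sources that would leave ppp0 still carrying a private (RFC 1918) address."""
    leaked = []
    for src in sources:
        _, seen = egress(src, policy, default)
        if seen is not None and ipaddress.ip_address(seen).is_private:
            leaked.append(src)
    return leaked


if __name__ == "__main__":
    for name, policy, default in (("bypass only", BYPASS_ONLY, "forward"),
                                  ("split", SPLIT, "deny")):
        print(name)
        for src in SOURCES:
            print("  %-12s -> %s" % (src, egress(src, policy, default)))
        print("  private sources leaving ppp0:",
              unroutable_replies(SOURCES, policy, default))
```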